CVE-ID

CVE-2002-0012

Description
Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Date Entry Created
20020110
Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Modified (20061101)
Votes (Legacy)
ACCEPT(6) Cole, Foat, Green, Jones, Wall, Ziese
REVIEWING(1) Christey
Comments (Legacy)
 Christey> This candidate is at a higher level of abstraction (more
   general) than most other candidates.  CVE's content
   decisions suggest that we should provide different candidates
   for each implementation and type of bug that is affected by
   the PROTOS suite.
   
   However, as of this writing (Feb 12, 2002), there is
   insufficient information to assign the proper number of
   candidates.  This high-level candidate will serve as a
   "catch-all," but we will be assigning lower-level (more
   specific) candidates when there is more information.
   
   Due to the size and extent of this problem, it is better to
   have a high-level candidate than no candidate at all.
 Ziese> ACKNOWLEDGED-BY-VENDOR
 Christey> DEBIAN:DSA-111
   MANDRAKE:MDKSA-2002:014
 CHANGE> [Christey changed vote from NOOP to REVIEWING]
 Christey> CALDERA:CSSA-2002-004.0
 Christey> Consider adding BID:4088
 Christey> ADDREF SGI:20020404-01-P, which discusses the "hpsnmpd" daemon.
 Christey> COMPAQ:SSRT0799
   CONECTIVA:CLA-2002:462
   BID:4088
   DEBIAN:DSA-111
   HP:HPSBUX0202-184
   URL:http://online.securityfocus.com/advisories/4032
   CISCO:20020212 Malformed SNMP Message-Handling Vulnerabilities
   CISCO:20020212 Malformed SNMP Message-Handling Vulnerabilities for Cisco Non-IOS Products
   MANDRAKE:MDKSA-2002:014
   FREEBSD:FreeBSD-SA-02:11
 Christey> SUSE:SuSE-SA:2002:012
   
   Should also mention ucd-snmp package by name.
   BUGTRAQ:20020824 NOVL-2002-2961546 - SNMPv1 Trap and Request Handling Vulnerabilities
   URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0295.html
   HP:HPSBMP0206-015
   URL:http://archives.neohapsis.com/archives/hp/2002-q4/0010.html
   CALDERA:CSSA-2002-SCO.25
   URL:http://archives.neohapsis.com/archives/linux/caldera/2002-q2/0024.html
   CALDERA:CSSA-2002-004.1
   URL:ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2002-004.1
   BUGTRAQ:20020227 nCipher Security Advisory #2: SNMP vulnerabilities
   URL:http://archives.neohapsis.com/archives/bugtraq/2002-02/0353.html
 Christey> REDHAT:RHSA-2002:036
   URL:http://www.redhat.com/support/errata/RHSA-2002-036.html

Proposed (Legacy)
20020315
This is an entry on the CVE list, which standardizes names for security problems.